From: Bennett Todd <bet@rahul.net>
To: Johnathon Day <jcday@mail.thesportsregister.com>
Cc: Jan Petranek <jan@petranek.de>, selinux@tycho.nsa.gov
Subject: Re: Goal / Danger: Attack by malicious root
Date: Mon, 15 Jan 2001 14:19:03 -0500
Message-ID: <20010115141903.S8565@rahul.net>
In-Reply-To: <Pine.LNX.4.21.0101151209240.18288-100000@mail.thesportsregister.com>; from jcday@mail.thesportsregister.com on Mon, Jan 15, 2001 at 12:53:07PM -0500
2001-01-15-12:53:07 Johnathon Day:
> If someone on the SELinux team sees any mistakes in what I'm saying,
> feel free to correct me.

I'm not on the selinux team, but I see an assumption you're making
that needs to be hauled out and examined clearly.

You're assuming that control mechanisms wired into selinux can be
effective. This is true only as long as the selinux installation
itself isn't modified or replaced by something else.

The original poster seemed to be describing a setting where the
physical hardware on which the OS was running was left exposed in a
public lab. If that were the case, then no OS protections could
solve the resulting security problem; before OS design can be of any
help, the hardware itself must be physically secured enough to
prevent the attacker from simply replacing it.

That's why replies emphasized tricks like rigging a bootable CD to
carry with you.

> SELinux, as I understand it, uses mandatory access controls. To me,
> this implies that NO user, including the superuser, has automatic right
> of access, except in those specific cases where access is explicitly
> granted. ie: the default is to deny access.

That's all fine --- as long as selinux is running, and the OS itself
hasn't been compromised. With physically unprotected hardware, that
cannot be guaranteed.

-Bennett